Redirect to https:// not working – bug report

jepe · July 11, 2021, 12:34pm

hi,

first off, I apologize for having not responded a question about my previous bug report (identical to this one -- almost I'll try to be more elaborate this time around )

it was here:

and I really am sorry, please excuse me

this time, I did the same thing:
installed a new server, debian 10, and installed certbot, following exactly the instructions at this page:
https://certbot.eff.org/lets-encrypt/debianbuster-apache.html

and then I ran it,
and checked my virtual host file...
and I found the same "error" (problem)

which is:
in the mydomain-le-ssl.conf file,
after the ENDING "if_module" tag, which starts at the top of the page like this:

"IfModule mod_ssl.c
VirtualHost ip_address:443"

so, under
/VirtualHost
/IfModule

this appears:
IfModule mod_ssl.c
VirtualHost ip_address:80

AND the entire text which exists in
mydomain.conf
is placed here...

and I believe that this is the product of an erratic behavior... somehow...

I guess, apache can be configured in various ways...
the convention I follow is to have two separate files for the
"port-80" normal web connection, and the SSL connection...
like
mydomain.conf and mydomain-le-ssl.conf, respectively...

and in this case, the text (code) from mydomain.conf shouldn't appear in mydomain-le-ssl.conf

nevertheless,
whatever happens, the "port-80" connection's config text
shouldn't appear in a mod_ssl.c tag, right?

like this...
IfModule mod_ssl.c
VirtualHost ip_address:80

if this is not a bug, I'm sorry... but it really looks like that to me...

and once again, I'm sorry I didn't reply to that question..

Peter

PS:
it is because of this unwanted block of config code in the mydomain-le-ssl.conf file which screws up the "redirect permanent" command line (=makes it not to work)
hence the subject of this report

PS 2: I removed the code "brackets" (?) the less or larger than signs so that the code would be visible here...

griffin · July 11, 2021, 8:26pm

Hello

I've actually witnessed this same bug myself in a few help cases I've worked here, but have no definitive answers yet. You are correct that this is not intended behavior. What version of certbot are you running (certbot --version)?

When posting code, you can put it inside a block, like this:

```
code

```

It will then appear like so:

code

rg305 · July 12, 2021, 1:59am

That is by far the most perceptive (and possible understated) statement in this topic.
Apache will attempt to run at all costs.
In my experience, it is usually where most of the problems exist.
We should have a look at your entire Apache configuration.

jepe · July 12, 2021, 5:03am

version: 1.17.0

(the same on both servers where I've encountered this)

jepe · July 12, 2021, 6:26am

okay... tell me what exactly you need (i've attached the 2 vhost config files)

once again, this is certbot version 1.17.0,
and I've never had this before

as to the outline of the apache config:

   /etc/apache2/

   apache2.conf
   ports.conf
   mods-enabled/
          *.load
          *.conf
   conf-enabled/
          *.conf
   sites-enabled/
           *.conf

I use "sites-available" and "sites-enabled", in the latter there are symlinks to files in the former... created by apache when "a2ensite" is issued

once the "https" works, I'll uncomment a "redirect permanent" line in the port:80 file (domain.conf)
above the "Directory" block, under the virtual host

NOTE: certbot tends to use redirect engine, at the bottom of the config code block...
BUT, it/she/he always realizes, in my case, that "there's already a redirection" in the config... so, this part works well and intelligently...

.
.
--- PS / some SPECULATION:

my obvious "guess", if I may:
certbot creates the domain-le-ssl.conf file from domain.conf
so, it seems logical to suppose that the problem happens in
this copy-pasting process...

cause there are 3 "text" blocks...
A: (.conf-file) virtualhost config block for port:80
B: (le-ssl.conf) virtualhost copy-pasted AND modified config block for port:443
C: (le-ssl.conf) virtualhost copy-pasted BUT NOT modified config block below the "good" block... in a wrong (port:443) tag

I'd suppose that the "443" tag is key trace...
cause what happens appears to be NOT:

a copy-paste 2x (instead of one)
a modification -- find & replace

but:

a copy-paste
a modification -- which includes a copy-paste within the file, so there will be a "temporary config-block", above which the "result code block" is being generated

and perhaps this "temporary block" is NOT deleted when it should be...
and it's nicely wrapped up in the appropriate virtualhost tags...
.
.

---- attachments:
vhost.conf.txt (721 Bytes)
vhost-le-ssl.conf.txt (887 Bytes)

rg305 · July 12, 2021, 9:42pm

Please show the output of:
apachectl -S

griffin · July 12, 2021, 9:50pm

Make that:

sudo apachectl -S

system · August 11, 2021, 9:50pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.